A former NHS secretary has been fined by the information safety regulator after illegally accessing the medical data of over 150 individuals.
The Info Commissioner’s Workplace (ICO) mentioned {that a} grievance was first lodged again in June 2019, after a affected person raised issues that their data had been improperly accessed by Loretta Alborghetti, from Redditch.
Alborghetti labored as a medical secretary throughout the ophthalmology division of Worcestershire Acute Hospitals NHS Belief. But she accessed this explicit particular person’s data 33 occasions with out consent between March 2019 and June 2019, a subsequent ICO investigation discovered.
The regulator then discovered that she had accessed a complete of 156 affected person data with out consent or a enterprise want, viewing them greater than 1800 occasions throughout the three-month interval. This included the data of people and their members of the family with postcodes native to the place she lived on the time.
The individuals whose data she accessed apparently had no medical circumstances referring to ophthalmology.
Learn extra on NHS privateness issues: NHS to Share Affected person Information with Third Events, Fueling Privateness and Safety Fears
ICO head of investigations, Andy Curry, argued that the general public shouldn’t must suppose twice about whether or not their medical knowledge is in secure palms.
“We need to remind these in positions of belief that simply because your job could grant you entry to different individuals’s private info, that doesn’t imply you have got the authorized proper to have a look at it to your personal functions,” he added.
“This case exhibits that the ICO will take motion when confidential private data are accessed unlawfully. Curiosity isn’t any excuse for breaching knowledge safety legal guidelines.”
Nevertheless, the scale of the high-quality handed to Alborghetti (£648/$810) arguably falls wanting that wanted to ship a transparent message to others.
She pleaded responsible to unlawfully acquiring private knowledge in breach of Part 170 of the Information Safety Act 2018, in line with the ICO.
